Attacker can stake and unstake to increament the stakerTierHistory mapping and force borderline user to OOG causing all their calls to stake/unstake/compound and claim interest to revert

Incorrect accounting will prevent users from readjusting their participation

Wrong refundExecutionFee in _handleReturn

Loss of fee refund due to premature state deletion in `PerpetualVault::_handleReturn` function

Wrong index causes last depositor to always get execution fee refund if cancelFlow is called by keeper to cancel a withdrawal

Functions that rely on chainlink prices cannot be queried on avalanche due to sequencer uptime check.

User may withdraw more than expected if ADL event happens

Wrong amount is minted to user when they deposit into the lending pool

Multiple issues from unnecessary balance increase calculation in DebtToken.mint

Reward manipulation vulnerability in StabilityPool

Users can borrow more assets than they have deposited as collateral

RToken is Not Interest Bearing Due to Broken Liquidity Index Calculation

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

Attackers can double voting power and veToken amount by locking and increasing

`MAX_TOTAL_SUPPLY` Bypass in `veRAACToken` via `increase()` Function

Gauge reward period can be extended indefinitely

veRaac Token Constraint MAX_TOTAL_SUPPLY Can Be Bypassed. Vulnerability Disrupts Protocol Functionality and Undermines Governance Quorum.

Multiple Critical Calculation And Logic Errors in `RToken::mint/burn` Function

There is no logic checking for RAACNFT price staleness before minting it

`RToken::calculateDustAmount` are incorrectly calculated, leading to not be able to transfer the accrued dust amount

LendingPool.getUserDebt returns outdated value and can lead to liquidation failure

Cordinated group of attacker can artificially lower quorum threshold during active proposals forcing malicious proposals to pass without true majority support.

getNormalizedDebt will return a wrong Amount when Timedelta is 0.

closeLiquidation within LendingPool does not allow partial repayments, which can cause massive losses to users within edge case

Inaccurate interest-rate and liquidity calculations due to omitted `updateInterestRatesAndLiquidity()` call in `setProtocolFeeRate()`

Updating the prime rate will change the interest for a time that was already passed

Limited veRaac Token Supply Triggers DoS, Hampering Proper Governance Participation.

Lack of enforcement of the `MAX_TOTAL_LOCKED_AMOUNT`

Missing Checkpoint Reset in `veRAACToken::emergencyWithdraw` Function

Inconsistent time boundary check in `Governance::state` and `Governanane::castVote`

Wrong event emission

Incorrect handling of aave v3 rounding in claim and redeem can temporarily DOS diva fee recipient/ Last user from redeeming/removing liquidity.

Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage

Unclaimed Rewards Loss Due to Missing Validation in `VaultRouterBranch.stake()`

rebalanceVaultsAssets incorrectly accounts vaults' depositedUsdc

Incorrect swap amount in CreditDelegationBranch::settleVaultsDebt improperly inflates the tokens to swap leading to DOS or/and oversettling vault debt

`_fillOrder` should update the vaults before deleveraging

`initiateSwap` allows users to initiate swap even when the vault is paused

FullFill Swap will Fail due to minAmountOut wrong calculation

Lack of an update of the pool state will cause Initiate Swap to return an incorrect Amountout

Total debt used in fulfiling swap actions is wrong because we did not update the vault.

Users can initiate multiple swaps against the same vault/collateral causing the users to lntiate swaps that can not be fulfillable.

Incorrect Total Assets Calculation in _harvestAndReport Leading to Share Value Manipulation and Irredeemable Assets

not adding `claimable` balance to the total assets in `_harvestAndReport` can cause losses.

Inflated `totalAssets` in `StrategyMainnet`, `StrategyArb`, and `StrategyOp` Contracts

Users can claim more that their actual allotment

Missing sellable check in completePurchase will cause a user to buy a token marked as unsellable by S2ADMIN if it was listed beforehand

A malicious User Can withdrawal funds twice from the Contract.

A malicious Actor can claim a Higher amount than they deposited by calling Create order twice in the same timestamp

Attacker can exploit the fill order in the oracleless contract.

A malicious User can Spend receivers allowance in the STOP-LIMIT contract

Miscalculation of Fee in the Withdraw function in UsualX.sol

Loss of Reward for recipients when RemoveOriginalAllocation is called

Precision Loss due to the direct division of Sqrtprice by Q96

No LSTs transfer on node operator withdrawals resulting in stuck funds and loss for node operators

Remove splitter will always revert if there are some rewards left on splitter contract

Griefer can permanently DOS all the deposits to the `StakingPool`

Vault fee receivers can conditionally block rewards distribution flow

Oversight while Updating the basis fee in staking pool without updating rewards strategy

Inconsistency across multiple repaying functions causing lender to pay extra fees.

when The user Tries to liquidate the max debt a mistake was made to return Debt Shares instead of Amount as normally implemented by aave in the Liquidation Calculations this will lead to a lot of financial miscalculation.

Withdrawing Max colllateral makes the asset Collaterals temporarily unusable because Get Supply balance should return the Total asset but instead it returns Supplyshares + asset value.

Contract fails to deduct the liquidation fee from the User but instead withdraws this directly from the pool.

DOS to withdrawal Function when the user (whales) tries to withdraw the max liquidity available

CuratedVault Deposit function will revert in some cases even the Main POOL is not frozen and Supply cap is not reached because of an Incorrect Deposit Calculation.

After a User withdraws The interest Rate is not updated accordingly leading to the next user using an inflated index during next deposit before the rate is normalized again

Liquidation fails to update the interest Rate when liquidation funds are sent to the treasury thus the next user uses an inflated index

Setting Liquidation fee to 20-30% will break the protocol's liquidation function and can only work if the contract RiskModule is forked updated and redeployed

Superpool has a Pause Function But can never be paused.

Incorrect Asset Check in SuperPool whenever we want to Deposit into Any POOL Contract.

TokenManager - Unlimited withdraw

Taker of bid offer will loss assets without any benefit if he calls the DeliveryPlace::settleAskMaker() for partial settlement.

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

Availability of deposit invariant can be bypassed

Liquidation doesn't account for penalty when calculating collateral to give, allowing users to profit by borrowing and self-liquidating

`Flashlender.sol#flashLoan()` should use `mintProfit()` to mint fees. The current implemetation may lead to locked up WETH in PoolV3.

WhenNotPaused modifier in the CDPVault can be bypassed by users

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

All the rewards for a particular ERC20 Compliant token available will not be properly distributed leading to a Permanent loss of yield for stakers due to precision loss.

`SettlementBranch._fillOrder` does not guarantee the collateral of a position is enough to pay the future liquidation fee.

Market Disruption and Financial Loss Post-Liquidation

A malicious User can DOS all offchain orders making them unexecutable and leaving the protocol in an insolvent state. Also all offchain Trades can also be DOSed for honest parties that do not meet the fillorder requirements (no try and catch)

Offchain orders are not cancelled after the account has been liquidated

Trading accounts can exceed the maximum number of allowed open positions.

Settlement fills liquidatable Market Orders

Wrong calculation of Accure Reward in Comptroller.sol

Repaying a Loan with Permit in UErc20.sol Wrongly calculates the interest to be paid this Reduce/Increase profits for the protocol as interest calculations are not performed correctly.

Maxclaimable token by msg.sender(user) in Vouch Faucet can be bypassed due to insufficient check.

Users can borrow below the minBorrow limit because of a bypass caused by remainder being greater than 0.

Vultisig whitelisting can be bypassed by anyone

Most users won't be able to claim their share of Uniswap fees

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

Fragmentation fee is not taken if user compensates with newly created position

Chainlink's `latestRoundData` might return stale or incorrect results

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Invalid validation allows users to unlock early

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Availability of deposit invariant can be bypassed

Liquidation doesn't account for penalty when calculating collateral to give, allowing users to profit by borrowing and self-liquidating

`Flashlender.sol#flashLoan()` should use `mintProfit()` to mint fees. The current implemetation may lead to locked up WETH in PoolV3.

WhenNotPaused modifier in the CDPVault can be bypassed by users

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

Pending withdrawals prevent safe removal of collateral assets

`AccountingManager::resetMiddle` will not behave as expected

It is possible to open insolvent position is Silo connector, due to missing check in borrow function

`performanceFeeReceiver` cannot mint any performance fee shares even if TVL is dropped by only a very tiny amount

Vulnerability Report: Denial-of-Service Attack Risk Due to Inadequate Signature Verification in Contract

No incentive to liquidate when CR <= 1 as asset received < dyad burned

Inadequate Handling of BUIDL Redemption Limit in OUSG Instant Manager

oracleCircuitBreaker: Not checking if price information of asset is stale

Permanent loss of yield for stakers in reward pools due to precision loss.